UDP connections from NAT'ed jails
Kristof Provost
kristof at sigsegv.be
Tue Feb 27 04:23:46 UTC 2018
On 26 Feb 2018, at 20:20, Peter Ludikovsky wrote:
> With the adaptation on the VM:
>
> [peter at doctor ~]$ sudo service pf reload
> Reloading pf rules.
> [peter at doctor ~]$ cat /etc/pf.conf
> IP_PUB="10.0.2.15"
> IP_JAIL="192.168.5.2"
> NET_JAIL="192.168.5.0/24"
> scrub in all
> #set skip on lo
> nat pass on em0 from $NET_JAIL to any -> $IP_PUB
> pass out keep state
> [peter at doctor ~]$ sudo pfctl -sn
> nat pass on em0 inet from 192.168.5.0/24 to any -> 10.0.2.15
> [peter at doctor ~]$ host pkg.freebsd.org
> pkg.freebsd.org is an alias for pkgmir.geo.freebsd.org.
> pkgmir.geo.freebsd.org has address 149.20.1.201
> pkgmir.geo.freebsd.org has IPv6 address 2001:4f8:1:11::50:1
>
> No change in the jail.
>
> tcpdump on the host shows resolution happening for the jail-host, but
> nothing for the jail itself.
>
So you don’t see any UDP/DNS packets at all when the jail tries to
resolve a hostname?
That’s certainly odd.
Does `truss host google.com` in the jail show anything interesting?
Regards,
Kristof
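A configuration sanity check to go with the questions above, added here as an example and not something from the thread or from the pf project: it parses the one-line form that `pfctl -sn` prints for a nat rule and reports whether a given jail address is actually covered by a rule on the expected external interface with the expected translation address. The sample `pfctl -sn` output is constructed to mirror the rule Peter quoted; the regex assumes no port or pool options follow the translation address.

```python
import ipaddress
import re

# Constructed sample of `pfctl -sn` output, mirroring the rule quoted in the thread.
SAMPLE_PFCTL_SN = """\
nat pass on em0 inet from 192.168.5.0/24 to any -> 10.0.2.15
"""

# Matches the one-line form pfctl prints for a nat rule; assumes no
# port or pool options after the translation address (an assumption
# of this example, not a statement about every pfctl output format).
NAT_RE = re.compile(
    r"^nat(?:\s+pass)?\s+on\s+(?P<iface>\S+)(?:\s+inet6?)?"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+->\s+(?P<target>\S+)"
)


def parse_nat_rules(pfctl_output):
    """Return one dict (iface, src, dst, target) per nat rule in `pfctl -sn` output."""
    rules = []
    for line in pfctl_output.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            rules.append(m.groupdict())
    return rules


def _source_covers(src, addr):
    """True if the rule's source spec ('any', a host, or a CIDR) includes addr."""
    if src == "any":
        return True
    return addr in ipaddress.ip_network(src, strict=False)


def _rule_problems(rule, ext_iface, pub):
    """Problems with one rule whose source already covers the jail address."""
    problems = []
    if rule["iface"] != ext_iface:
        problems.append(f"rule is on {rule['iface']}, not on {ext_iface}")
        return problems
    target = rule["target"]
    if target.startswith("(") and target.endswith(")"):
        # '(em0)' form: pf translates to the interface's current address
        if target[1:-1] != ext_iface:
            problems.append(f"rule translates to {target}, not {ext_iface}")
    elif pub not in ipaddress.ip_network(target, strict=False):
        problems.append(f"rule translates to {target}, not {pub}")
    return problems


def check_jail_nat(pfctl_output, jail_ip, ext_iface, public_ip):
    """Return a list of problems; an empty list means at least one loaded nat
    rule translates the jail's traffic on ext_iface to public_ip."""
    jail = ipaddress.ip_address(jail_ip)
    pub = ipaddress.ip_address(public_ip)
    rules = parse_nat_rules(pfctl_output)
    if not rules:
        return ["no nat rules loaded (pfctl -sn printed none)"]
    matching = [r for r in rules if _source_covers(r["src"], jail)]
    if not matching:
        return [f"no nat rule's source network covers {jail_ip}"]
    all_problems = []
    for r in matching:
        problems = _rule_problems(r, ext_iface, pub)
        if not problems:
            return []  # one fully matching rule is enough
        all_problems.extend(problems)
    return all_problems


if __name__ == "__main__":
    # On a real host, feed it the live rule set instead:
    #   check_jail_nat(subprocess.check_output(["pfctl", "-sn"], text=True), ...)
    for ip in ("192.168.5.2", "192.168.6.2"):
        found = check_jail_nat(SAMPLE_PFCTL_SN, ip, "em0", "10.0.2.15")
        print(ip, "OK" if not found else found)
```

A clean result from this check only says the translation rule is there; it does not explain an absence of DNS packets on the host, which is what tcpdump or `truss` in the jail would have to show.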